Cortex Data Lake Schema Reference
  • Cortex Data Lake Schema Reference
  • Strata Logging Service Documentation
  • All Documentation
>
Decryption HTTPS Fields
Focus
Download PDF
Focus
  1. Home
  2. Strata Logging Service
  3. Cortex Data Lake Schema Reference
  4. Network Logs
  5. Decryption
  6. Decryption HTTPS Fields
Download PDF
Strata Logging Service

Decryption HTTPS Fields

Table of Contents

Decryption HTTPS Fields

The following table identifies the Decryption field names that the Log Forwarding app uses when you forward logs using the HTTPS log format.
HTTPS Name
Query Name
Action
action.​value
Application
app
ApplicationCategory
app_category
ApplicationSubcategory
app_sub_category
CertificateFlags
cert_flags
CertificateSerial
cert_serial
CertificateSize
certificate_size
CertificateVersion
certificate_version.​value
ChainStatus
chain_status.​value
ApplicationCharacteristics
characteristics_of_app
ClientToFirewall
client_to_firewall.​value
CommonName
cn
CommonNameLength
cn_len
ConfigVersion
config_version.​value
ContainerID
container_id
ApplicationContainer
container_of_app
RepeatCount
count_of_repeats
Cpadding
cpadding
CortexDataLakeTenantID
customer_id
DestinationDeviceCategory
dest_device_category
DestinationDeviceClass
dest_device_class
DestinationDeviceHost
dest_device_host
DestinationDeviceMac
dest_device_mac
DestinationDeviceModel
dest_device_model
DestinationDeviceOS
dest_device_os
DestinationDeviceOSFamily
dest_device_osfamily
DestinationDeviceOSVersion
dest_device_osversion
DestinationDeviceProfile
dest_device_profile
DestinationDeviceVendor
dest_device_vendor
DestinationDynamicAddressGroup
dest_dynamic_address_group
DestinationEDL
dest_edl
DestinationAddress
dest_ip.​value
DestinationLocation
dest_location
DestinationPort
dest_port
DestinationUser
dest_user
DestinationUserDomain
dest_user_info.​domain
DestinationUserName
dest_user_info.​name
DestinationUserUUID
dest_user_info.​uuid
DestinationUUID
dest_uuid
DGHierarchyLevel1
dg_hier_level_1
DGHierarchyLevel2
dg_hier_level_2
DGHierarchyLevel3
dg_hier_level_3
DGHierarchyLevel4
dg_hier_level_4
Domain
domain
EllipticCurve
elliptic_curve.​value
ErrorIndex
error_index.​value
ErrorMessage
error_message
Fingerprint
fingerprint
FirewallToClient
firewall_to_client.​value
FromZone
from_zone
InboundInterface
inbound_if.​value
InboundInterfaceDetailsPort
inbound_if_details.​port
InboundInterfaceDetailsSlot
inbound_if_details.​slot
InboundInterfaceDetailsType
inbound_if_details.​type.​value
InboundInterfaceDetailsUnit
inbound_if_details.​unit
CaptivePortal
is_captive_portal
IsCertECDSA
is_cert_ECDSA
IsCertRSA
is_cert_RSA
IsCertCNTruncated
is_cert_cn_truncated
IsClienttoServer
is_client_to_server
IsContainer
is_container
IsDecryptMirror
is_decrypt_mirror
IsDecrypted
is_decrypted
IsDuplicateLog
is_dup_log
IsEncrypted
is_encrypted
LogExported
is_exported
IsForwarded
is_forwarded
IsIPV6
is_ipv6
IsIssuerCNTruncated
is_issuer_cn_truncated
IsMptcpOn
is_mptcp_on
IsNAT
is_nat
IsNonStandardDestinationPort
is_non_std_dest_port
PacketCapture
is_packet_capture
IsPhishing
is_phishing
IsPrismaNetwork
is_prisma_branch
IsPrismaUsers
is_prisma_mobile
IsProxy
is_proxy
IsReconExcluded
is_recon_excluded
IsResumeSession
is_resume_session
IsRootCNTruncated
is_root_cn_truncated
IsSaaSApplication
is_saas_app
IsServertoClient
is_server_to_client
IsSNITruncated
is_sni_truncated
IsSourceXForwarded
is_source_x_fwded
IsSystemReturn
is_sym_return
IsTransaction
is_transaction
IsTunnelInspected
is_tunnel_inspected
IsURLDenied
is_url_denied
IssuerCommonName
issuer_cn
IssuerNameLength
issuer_len
LogSetting
log_set
LogSource
log_source
LogSourceGroupID
log_source_group_id
DeviceSN
log_source_id
DeviceName
log_source_name
LogSourceTimeZoneOffset
log_source_tz_offset
TimeReceived
log_time
LogType
log_type.​value
NATDestination
nat_dest.​value
NATDestinationPort
nat_dest_port
NATSource
nat_source.​value
NATSourcePort
nat_source_port
TimeNotAfter
not_after
TimeNotBefore
not_before
OutboundInterface
outbound_if.​value
OutboundInterfaceDetailsPort
outbound_if_details.​port
OutboundInterfaceDetailsSlot
outbound_if_details.​slot
OutboundInterfaceDetailsType
outbound_if_details.​type.​value
OutboundInterfaceDetailsUnit
outbound_if_details.​unit
Padding
padding
Padding3
padding3
PanoramaSN
panorama_serial
PlatformType
platform_type
ContainerName
pod_name
ContainerNameSpace
pod_namespace
PolicyName
policy_name
Protocol
protocol.​value
ProxyType
proxy_type.​value
ApplicationRisk
risk_of_app
RootCommonName
root_cn
RootCNLength
root_cn_len
RootStatus
root_status.​value
Rule
rule_matched
RuleUUID
rule_matched_uuid
SanctionedStateOfApp
sanctioned_state_of_app
SequenceNo
sequence_no
SessionID
session_id
ServerNameIndication
sni
SNILength
sni_len
SourceDeviceCategory
source_device_category
SourceDeviceClass
source_device_class
SourceDeviceHost
source_device_host
SourceDeviceMac
source_device_mac
SourceDeviceModel
source_device_model
SourceDeviceOS
source_device_os
SourceDeviceOSFamily
source_device_osfamily
SourceDeviceOSVersion
source_device_osversion
SourceDeviceProfile
source_device_profile
SourceDeviceVendor
source_device_vendor
SourceDynamicAddressGroup
source_dynamic_address_group
SourceEDL
source_edl
SourceAddress
source_ip.​value
SourceLocation
source_location
SourcePort
source_port
SourceUser
source_user
SourceUserDomain
source_user_info.​domain
SourceUserName
source_user_info.​name
SourceUserUUID
source_user_info.​uuid
SourceUUID
source_uuid
Subtype
sub_type.​value
ApplicationTechnology
technology_of_app
TimeGenerated
time_generated
TimeGeneratedHighResolution
time_generated_high_res
TimeReceivedManagementPlane
time_received_mp
TLSAuth
tls_auth.​value
TLSEncryptionAlgorithm
tls_enc_algorithm.​value
TLSKeyExchange
tls_keyxchange.​value
TLSVersion
tls_version.​value
ToZone
to_zone
Tpadding
tpadding
Tunnel
tunnel.​value
TunneledApplication
tunneled_app
VendorName
vendor_name
Vpadding
vpadding
VirtualLocation
vsys
VirtualSystemID
vsys_id
VirtualSystemName
vsys_name

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.